Anthropic partners have used its bug-hunting Claude Mythos AI to uncover 10,000 “high- or critical-severity vulnerabilities across the most systemically important software in the world.”
Claude Mythos, dubbed Project Glasswing, debuted in April. It was not publicly released, but instead shared with a select group of about 50 partners, as Anthropic claimed the tool was too powerful. One of those partners, cloud hosting firm Cloudflare, has found 2,000 bugs, 400 of which were classified as high or critical severity, across its critical-path systems, and the false-positive rate was lower than that of human testers.
Mythos examined 1,000 open-source projects, identifying 6,202 high- or critical-severity flaws. Anthropic pointed to a vulnerability in wolfSSL, a popular SSL/TLS library frequently used in IoT and smart home devices.
Anthropic claims Mythos Preview constructed an exploit that could allow attackers to forge certificates, enabling them to host fake websites impersonating banks or email providers that would instead be controlled by the attacker. The company says it will release a technical analysis of the vulnerability, CVE-2026-5194, in the coming weeks.
The news comes after several other reported incidents of Mythos finding bugs in popular software. Earlier this month, researchers utilizing the Mythos model claimed they bypassed Apple macOS security technology. In April, Mozilla claimed to have found 271 vulnerabilities within Firefox by using Mythos.
The AI firm’s handling of the Mythos rollout has attracted plenty of criticism. Gary McGraw, a former VP at cybersecurity firm Synopsys, recently told The New York Times: “The technology is not too dangerous to release,” adding, “If you don’t release a tool like this—or you hoard it—you are not solving the real problem.” Meanwhile, Michał Zalewski, a security researcher at Google, recently told The Wall Street Journal some of the hype around Mythos is “overblown.”
Last month, Bloomberg reported allegations that some users accessed the Mythos model without Anthropic’s authorization. The company denied there was any evidence of this at the time, but said it was investigating the claims.


